
linux - Login problem with the mongodb user's permissions after installing MongoDB with apt on Ubuntu

I received a text message notification from Alibaba Cloud in the middle of the night yesterday, saying that the server had a remote login exception.

I came to the company this morning and asked around, and no one had logged in. Then I checked the Ubuntu system log.

I found that there were two logins, one from Romania and one from Shanghai. The username used for both was mongodb.
A version of mongo was installed on this machine using apt-get, and this mongodb user was created by it. Later, because the version was too old, it was abandoned, but it was not uninstalled.
Then a version was installed manually and started with root permissions.

Note:
The system is Ubuntu 14.04.
No service is run using the mongodb user.
The firewall is always on and only allows access to port 22 and port 80. The mongo port is not open to the outside world.
Checking /etc/passwd, I found mongodb106:65534::/home/mongodb:/bin/bash. The running command is bash, and this user is now prohibited from logging in.
Looking at the mongodb user's groups, I found that mongodb actually belongs to the root user group...

Excuse me, sir, are the username and password generated by default for this mongodb user the same? Or did they knock out the password? What harm can be done to the server after logging in with this user?

大家讲道理, 2853 days ago

  • 漂亮男人

    漂亮男人 2017-05-02 09:28:31

    After a default installation of MongoDB on Ubuntu, the entry looks like this:

    mongodb:X:121:65534::/home/mongodb:/bin/false

    The user mongodb is generated, but cannot log in to the operating system.

    From your description, there are two possibilities:

    1. The user mongodb may have been compromised and modified to be able to log in. Check all relevant logs, but they may not have been deleted.

    2. It may just be some scanning tools that scan your operating system.

    If it’s the first situation, the consequences will depend on whether the other party has malicious intent. Take some remedial measures quickly, install the latest security patches, check security-related configurations, and back up/encrypt key business data.

    For reference.

    Love MongoDB! Have fun!

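The checks discussed in this thread (a service account whose shell is no longer `/bin/false`, membership in the root group, and accepted SSH logins under that account) can be scripted. The following is an added example, not code from the original post or from MongoDB; the passwd, group and auth.log contents are constructed samples, and the privileged group set and the UID threshold of 1000 are assumptions.

```python
import re

# Constructed sample data (not from the original post).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mongodb:x:121:65534::/home/mongodb:/bin/bash
mysql:x:110:118::/var/lib/mysql:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
GROUP = "root:x:0:mongodb\nsudo:x:27:alice\nnogroup:x:65534:\n"
AUTH_LOG = """\
Jan  1 03:12:45 web1 sshd[4321]: Accepted password for mongodb from 203.0.113.5 port 51234 ssh2
Jan  1 09:01:10 web1 sshd[4400]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
"""

NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}
PRIVILEGED_GROUPS = {"root", "sudo"}  # assumption: groups treated as root-equivalent
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def audit_accounts(passwd_text, group_text, uid_min=1000):
    """Map each system account (0 < UID < uid_min) to its risky settings."""
    groups = {}  # name -> (gid, members)
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) == 4:
            groups[f[0]] = (int(f[2]), set(filter(None, f[3].split(","))))
    findings = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not 0 < int(f[2]) < uid_min:
            continue  # malformed line, root itself, or a regular user
        user, gid, shell = f[0], int(f[3]), f[6]
        issues = []
        if shell not in NOLOGIN_SHELLS:  # an empty field means /bin/sh
            issues.append("login shell " + (shell or "/bin/sh"))
        for name in sorted(PRIVILEGED_GROUPS & groups.keys()):
            g, members = groups[name]
            if gid == g or user in members:
                issues.append("member of " + name)
        if issues:
            findings[user] = issues
    return findings

def accepted_logins(auth_log_text, users):
    """Return (user, source_ip, method) for sshd logins by the given accounts."""
    return [(m.group(2), m.group(3), m.group(1))
            for m in ACCEPTED.finditer(auth_log_text) if m.group(2) in users]

if __name__ == "__main__":
    flagged = audit_accounts(PASSWD, GROUP)
    print(flagged)
    print(accepted_logins(AUTH_LOG, flagged.keys()))
```

On a real host, pass the contents of `/etc/passwd`, `/etc/group` and `/var/log/auth.log` in place of the sample strings.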